Elite Hackers Expose All

   Proving Just How Vulnerable Computer Networks Are 
   Some hackers claim they can shut down the entire Internet in less than

   By Kevin Newman 
   ABCNEWS.com

   Dec.  20  -- Their code name is "The L0pht," and
   in  exchange  for a peek into their secretive world, we had to promise
   not to reveal where their hideout is.

         They  are  the  elite  of  hackers, whose notoriety brought them
   before Congress a year ago.

         On  May  19,  1998,  Sen.  Fred Thompson (R-Tenn.) of the Senate
   Government  Affairs  Committee asked L0pht members, "I'm informed that
   you  think  that  within  30  minutes  the seven of you could make the
   Internet unusable for the entire nation. Is that correct?"
          "That's   correct,"  one  L0pht  member  responded.  "It  would
   definitely  take  a  few  days for people to figure out what was going
   on."

         The L0pht's workspace is not much to look at. There are a lot of
   circuits, old keyboards and odd tributes to the information age.

         What  they do is try to break into programs we're led to believe
   are secure.

   Avoiding Lawsuits

   They  refer  to  each  other by nicknames. By not revealing their real
   names,   they  protect  themselves  from  lawsuits  by  companies  and
   individuals.   They   have  perfected  ways,  for  example,  to  crack
   passwords,  those  secret  letters  or  numbers we enter assuming they
   protect our privacy.

         When  asked  how long it would take to crack, one member quickly
   replied, "minutes ... seconds."

         But L0pht doesn't just "bypass passwords successfully." On their
   Web  site, they show the world which software has vulnerable security,
   then  they  give  instructions  on  how  to  break  in.  It's  an open
   invitation  to  other  hackers. But L0pht says it's meant to embarrass
   companies into better protecting our privacy,

         "Well,  if  we  can  find  it,"  says  Space Rogue of the L0pht,
   "somebody else can find it."

        Why not just tell the companies that they have a problem?

         "We  initially  tried  doing it that way," says Dr. Mudge of the
   L0pht.  "We've  found  if  we don't take it a step further nobody pays
   attention to it."

   Creating `More Security Breaches'

   They  accept  that  they  might have created, through their work, more
   security breaches.

         "Sometimes you have to kick up the hornets' nest a little to get
   it to settle in a better way," says Dr. Mudge.

         And  it  usually  works. Lotus, which makes a popular office and
   e-mail program, credits L0pht with flagging a potential security issue
   in some of its software.

         But  not all of L0pht's work is as constructive. Some members of
   the group claim they can target any computer system and try to shut it
   down. They say it's to remind us how we've become reliant on computers
   for  more than just communicating; they help run our power systems and
   are  the  backbone  of the military, two potentially dangerous targets
   for hackers.

        Are they legitimizing destructive behavior?

         "We  don't  think  we  are,"  Dr.  Mudge says. "I don't know who
   deserves to get that information. ... We don't suppose to know who the
   good guys or the bad guys are.

        In that same morally ambiguous way, the members of L0pht see what
   they  do as neither good nor bad. More akin to Robin Hood, whose merry
   band of outlaws used unorthodox ways to help.

         "We  feel  we're  actually  making a difference," says one L0pht
   member.

         But  like Robin Hood, one person's hero, can be another's rogue.